For security reasons, users may be required to authenticate to their user devices (e.g., desktop, laptop, portable and/or tablet computers; smart phones, feature phones, etc.) in order to initiate a usage session. Users are also typically required to authenticate to initiate sessions with many remote communication partners, e.g., banking web sites, e-commerce sites, employer networks, etc. In some cases, authentication includes entering a password. In other cases, authentication may include providing user biometric data such as a fingerprint to the user device.
The initial authentication provides confirmation of user presence only at the time of the authentication. After the initial authentication, the user device may not “know” whether the authenticated user is still present and continues to possess the user device or that the authenticated user is no longer present or that another person is now present and/or possesses the user device. For example, the authenticated user may have stepped away from the user device leaving the device “unlocked” and therefore vulnerable. An unauthorized user may then access the user device.
In addition, for security reasons, some user devices, applications and/or remote communication partners are configured to close a session after a predefined period of user inactivity (e.g., lack of active user inputs) or to require re-authentication after a predefined time period, regardless of activity. For example, the user may be viewing a presentation in a teleconference. In another example, the user may put his/her user device, e.g., smart phone, into his/her pocket. The authenticated user may still be present and active. As a result of the session being closed, the user is interrupted and must re-authenticate in order to continue.
Thus, authentication that occurs at one point in time may fail to detect that the authenticated user is no longer present and leave a session open or may close a session even though the authenticated user is still present and active. In the first instance, the session may not close when it should and security may be compromised. In the second instance, the user's session may be interrupted resulting in a degraded user experience.
Although the following Detailed Description will proceed with reference being made to illustrative embodiments, many alternatives, modifications, and variations thereof will be apparent to those skilled in the art.